Update core/security.py

core/security.py

@@ -12,9 +12,10 @@ logger = logging.getLogger(__name__)
 
 # OAuth2 setup
 oauth2_scheme = OAuth2PasswordBearer(
-    tokenUrl="/auth/login",  # Correct path
+    tokenUrl="/auth/login",
     scheme_name="JWT"
 )
+
 # Password hashing context
 pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
 
@@ -30,32 +31,62 @@ def verify_password(plain: str, hashed: str) -> bool:
 def create_access_token(data: dict, expires_delta: timedelta = None):
     to_encode = data.copy()
     expire = datetime.utcnow() + (expires_delta or timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES))
-    to_encode.update({"exp": expire})
-    return jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
+    to_encode.update({"exp": expire, "iat": datetime.utcnow()})
+    encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
+    logger.debug(f"Created JWT for {data.get('sub')}, expires at {expire}")
+    return encoded_jwt
 
 # Get the current user from the JWT token
 async def get_current_user(request: Request, token: str = Depends(oauth2_scheme)):
-    print("🧪 Request headers:", dict(request.headers))
-    print("🔐 Raw token received:", token)
+    logger.debug(f"Processing token: {token[:10]}...")  # Log partial token for security
+    logger.debug(f"Request headers: {dict(request.headers)}")
 
     if not token:
-        print("❌ No token received")
-        raise HTTPException(status_code=401, detail="No token provided")
+        logger.error("No token provided in Authorization header")
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="No token provided",
+            headers={"WWW-Authenticate": "Bearer"}
+        )
 
     try:
         payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
-        print("🧠 Token payload:", payload)
+        logger.debug(f"Token payload: {payload}")
 
         email = payload.get("sub")
         if not email:
-            raise HTTPException(status_code=401, detail="Invalid token: missing subject")
+            logger.error("Invalid token: missing subject")
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Invalid token: missing subject",
+                headers={"WWW-Authenticate": "Bearer"}
+            )
+
+        # Check token expiration explicitly
+        exp = payload.get("exp")
+        if exp and datetime.utcnow().timestamp() > exp:
+            logger.error(f"Token expired for {email}")
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Token has expired",
+                headers={"WWW-Authenticate": "Bearer"}
+            )
+
     except JWTError as e:
-        print("❌ JWT decode error:", str(e))
-        raise HTTPException(status_code=401, detail="Could not validate token")
+        logger.error(f"JWT decode error: {str(e)}")
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail=f"Could not validate token: {str(e)}",
+            headers={"WWW-Authenticate": "Bearer"}
+        )
 
     user = await users_collection.find_one({"email": email})
     if not user:
-        raise HTTPException(status_code=404, detail="User not found")
+        logger.error(f"User not found for email: {email}")
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="User not found"
+        )
 
-    print("✅ Authenticated user:", user["email"])
+    logger.info(f"Authenticated user: {user['email']}")
     return user